x509 plugin supports encoding of CA basicConstraint extension
authorMartin Willi <martin@strongswan.org>
Tue, 8 Sep 2009 08:38:02 +0000 (10:38 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 8 Sep 2009 08:38:02 +0000 (10:38 +0200)
src/libstrongswan/plugins/x509/x509_cert.c

index 406fe4d..dc789e7 100644 (file)
@@ -1209,6 +1209,7 @@ struct private_builder_t {
 static bool generate(private_builder_t *this)
 {
        chunk_t extensions = chunk_empty;
+       chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty;
        identification_t *issuer, *subject;
        chunk_t key_info;
        signature_scheme_t scheme;
@@ -1300,10 +1301,31 @@ static bool generate(private_builder_t *this)
        {
                return FALSE;
        }
+
+
        if (this->cert->subjectAltNames->get_count(this->cert->subjectAltNames))
        {
                /* TODO: encode subjectAltNames */
        }
+       if (this->flags & X509_CA)
+       {
+               chunk_t yes;
+
+               yes = chunk_alloca(1);
+               yes.ptr[0] = 0xFF;
+               basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm",
+                                                               asn1_build_known_oid(OID_BASIC_CONSTRAINTS),
+                                                               asn1_wrap(ASN1_BOOLEAN, "c", yes),
+                                                               asn1_wrap(ASN1_OCTET_STRING, "m",
+                                                                               asn1_wrap(ASN1_SEQUENCE, "m",
+                                                                                       asn1_wrap(ASN1_BOOLEAN, "c", yes))));
+       }
+       if (basicConstraints.ptr || subjectAltNames.ptr)
+       {
+               extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m",
+                                               asn1_wrap(ASN1_SEQUENCE, "mm",
+                                                       basicConstraints, subjectAltNames));
+       }
 
        this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm",
                asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
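Review bot: The nested asn1_wrap() calls that build basicConstraints encode a specific ASN.1 structure that a reader cannot recover from the code alone, and the `0xFF` byte is a bare magic value; a comment above the `if (this->flags & X509_CA)` block should spell it out, e.g. `/* BasicConstraints ::= SEQUENCE { cA BOOLEAN TRUE }, wrapped as a critical Extension: SEQUENCE { OID, critical BOOLEAN TRUE (0xFF is DER TRUE), extnValue OCTET STRING } */`. The comment should also state that pathLenConstraint is deliberately omitted, since in RFC 5280 an absent pathLenConstraint means the CA may issue an unbounded chain of subordinate CAs — a reader of the resulting certificate will want to know that this is intended rather than a forgotten field. The two blank lines added before the subjectAltNames check look like stray whitespace and should be reduced to one. The enclosing generate() function begins in the previous hunk and continues past the end of this one.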